|
Full Disclosure
mailing list archives
RE: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC
From: "Debasis Mohanty" <mail () hackingspirits com>
Date: Sat, 1 Oct 2005 20:41:00 +0530
I tested this earlier, SendMessage() / SetDlgItem() / SetWindowText()
doesn't work for the current version of ZA Products (ZA Pro / Internet Sec
Suit).
This helps preventing the most wellknown windows local attack - Shatter
Attack.
However, I still can see a way out for their latest product... Will be
updated soon.
- Tr0y
-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Thierry
Zoller
Sent: Saturday, October 01, 2005 3:39 PM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Re: Bypassing Personal Firewall (Zone
AlarmPro)Using DDE-IPC
Dear Paul,
PL> And in their press release, only the free is affected.
Which makes this discovery [ although a bit outdated ->
SendMessageApi() ] even more important, possibly a few million users
affected.
--
Thierry Zoller
Packet sniffer : http://www.sniff-em.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
|
Intro
